This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
umar7
Contributor
‎2023-01-03 11:53 PM

port 264 queries whether its need or not

We have the following questions regarding FW1_topo traffic.

  1. What is FW1_topo traffic for?
  2. What is the impact to our production environment when a known IOC IP address had established connection with our firewall using FW1_topo service?
  3. Is allowing FW1_topo service by default necessary in our environment?
  4. Can we disable this implied rule?
  5. If yes, how can we disable it? And what is the impact of disabling this implied rule?
0 Kudos
4 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-01-04 12:03 AM

Is your gateway configured for remote access VPN?

Please refer:

sk60773: [RST, ACK] response to TCP/264

sk132712: Vulnerability scan shows ports 18231 and 264 open under LISTEN mode when using TLS1.0 and TLS1.1 - reference CVE-2000-1201

sk69360: Check Point response to SecuRemote Topology Service Hostname Disclosure

sk62692: Ports used on Security Gateway for SecureClient and Endpoint Security VPN

 

If you have no plans to leverage Check Point remote access disabling this global option may also work for you:

264.png

 

CCSM R77/R80/ELITE
umar7
Contributor
‎2023-01-05 01:48 AM
In response to Chris_Atkinson

hello guys ,

       thanks for the information i will update and if i have any queries regarding this issue . i will update the chat tail.

 

0 Kudos
Blason_R
Leader
Leader
‎2023-01-04 06:43 PM

As suggested by @Chris_Atkinson this is used for fetching the Topology by Remote Access VPN users. if you dont use this feature you can disable it using Implied rules and those are correct sks given by him and if you are following those it should not be a problem.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
the_rock
Legend
Legend
‎2023-01-04 07:51 PM

Chris is spot on with those SKs as @Blason_R said.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events